Bad Security
Posted by Doug Tue, 01 Feb 2005 16:14:00 GMT
Here’s another insightful find from Bruce Schneier. This just makes me shake my head and laugh. How many computer security policies are the same?
Posted by Doug Tue, 01 Feb 2005 13:31:00 GMT
I’m on a mailing list run by one of my clients called E-nspirations. It’s a mostly periodic but somewhat infrequent mini-article written by Jean Kelley. Today’s message was prompted by the 60th anniversary of the liberation of Auschwitz. Jean says, “The significance of this event sent me to my bookshelf where I found Victor Frankl’s book, Man’s Search for Meaning.”

“The last of the human freedoms is to choose one’s attitude in any given set of circumstances.” —Victor Frankl

I read Man’s Search for Meaning in college while I was studying in Vienna, Austria. It is a powerful book that I read during a pivotal time in my life. Its message is old and familiar. I have had the “power to choose” drilled into me all my life. And yet, I still seem to forget it. I still seem to let my environment dictate my responses; or my moods swing back and forth. Remembering the horrors of Auschwitz, the fact that Frankl can still make the above statement hits me particularly powerfully today.
Posted by Doug Mon, 31 Jan 2005 16:21:00 GMT
There are few guys that I classify as some of our “Smartest Thinkers”. Bruce Schneier is probably one of the smartest guys working in the security business.

“Imagine for a minute that Secure Flight is perfect. That is, we can ensure that no one can fly under a false identity, that the watch lists have perfect identity information, and that Secure Flight can perfectly determine if a passenger is on the watch list: no false positives and no false negatives. Even if we could do all that, Secure Flight wouldn’t be worth it. Secure Flight is a passive system. It waits for the bad guys to buy an airplane ticket and try to board. If the bad guys don’t fly, it’s a waste of money. If the bad guys try to blow up shopping malls instead of airplanes, it’s a waste of money. If I had some millions of dollars to spend on terrorism security, and I had a watch list of potential terrorists, I would spend that money investigating those people. I would try to determine whether or not they were a terrorism threat before they got to the airport, or even if they had no intention of visiting an airport. I would try to prevent their plot regardless of whether it involved airplanes. I would clear the innocent people, and I would go after the guilty. I wouldn’t build a complex computerized infrastructure and wait until one of them happened to wander into an airport. It just doesn’t make security sense. That’s my usual metric when I think about a terrorism security measure: Would it be more effective than taking that money and funding intelligence, investigation, or emergency response—things that protect us regardless of what the terrorists are planning next? Money spent on security measures that only work against a particular terrorist tactic, forgetting that terrorists are adaptable, is largely wasted.”

By the way, I’m filing this article under “Politics” because it seems that politicians are making security decisions more and more. There doesn’t seem to be a lot of reasoning to it either.
Copyright 2001 - 2005 by Lathi.net and Doug Alcorn